CISA Warns: Old DNS Trick 'Fast Flux' Is Still Thriving
An old DNS switcheroo technique is still helping attackers keep their infrastructure alive. But is it really a pressing issue in 2025?
Stay updated on DNS security with the latest news on threats, protection strategies, and expert insights into securing your domain systems.
Search across headline titles and summaries.
Background for this topic.
DNS is the distributed naming system that translates domain names into IP addresses and other service records. Its security matters because an attacker who compromises a registrar account, authoritative DNS server, or resolver can redirect users to an attacker-controlled service, disrupt access, or interfere with email and software updates. Forged replies and cache poisoning can produce similar redirection when validation is absent. DNS traffic can also carry command-and-control instructions or encoded data, although unusual queries require investigation rather than being treated as proof of compromise.
DNSSEC allows validating resolvers to authenticate signed DNS data, reducing spoofing and cache-poisoning risk; it does not encrypt queries or guarantee availability. Protect registrar and DNS-administration accounts with strong authentication and least privilege, restrict recursion and zone transfers, patch DNS software, and use redundant authoritative infrastructure. Monitor record changes, resolver errors, query volumes, and patterns such as long, frequently changing subdomains to support detection of hijacking, outages, or DNS tunneling.
An old DNS switcheroo technique is still helping attackers keep their infrastructure alive. But is it really a pressing issue in 2025?
Shape shifting technique described as menace to national security The US govt's Cybersecurity Infrastructure Agency, aka CISA, on Thursday urged organizations, internet service providers, and security firms to strengthen defenses against so-called fast flux attacks.…
Also: Gootloader Malware, GCHQ Intern Pleads Guilty, Check Point Breach UpdateThis week, a "Fast Flux" warning, Gootloader malware, an GCHQ intern pleaded guilty to stealing top secret data and Check Point undercuts hacking claim. Also, Google rolled out end-to-end encryption for some Gmail users, Apple backported patches and Dutch prosecutors cut internet access.
CISA, the FBI, the NSA, and international cybersecurity agencies are calling on organizations and DNS providers to mitigate the "Fast Flux" cybercrime evasion technique used by state-sponsored threat actors and ransomware gangs. [...]
Every week, someone somewhere slips up—and threat actors slip in. A misconfigured setting, an overlooked vulnerability, or a too-convenient cloud tool becomes the perfect entry point. But what happens when the hunters become the hunted? Or when old malware resurfaces with new tricks? Step behind the curtain with us this week as we explore breaches born from routine oversights—and the unexpected